CVE-2016-7650: XSS
First published: Mon Feb 20 2017(Updated: )
An issue was discovered in certain Apple products. iOS before 10.2 is affected. Safari before 10.0.2 is affected. The issue involves the "Safari Reader" component, which allows remote attackers to conduct UXSS attacks via a crafted web site.
Credit: product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| iStyle @cosme iPhone OS | <=10.1.1 | |
| Apple Mobile Safari | <=10.0.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2016-7650?
CVE-2016-7650 has a moderate severity rating due to its potential to allow user experience spoofing attacks.
How do I fix CVE-2016-7650?
To fix CVE-2016-7650, update your Apple device to iOS 10.2 or newer and Safari to version 10.0.2 or newer.
What products are affected by CVE-2016-7650?
CVE-2016-7650 affects certain Apple products running iOS versions prior to 10.2 and Safari versions prior to 10.0.2.
What type of attack can be executed using CVE-2016-7650?
CVE-2016-7650 allows remote attackers to conduct UXSS (Universal Cross-Site Scripting) attacks via a specially crafted website.
Is CVE-2016-7650 exploitable remotely?
Yes, CVE-2016-7650 is exploitable remotely by attackers through crafted web content.
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/source
- agent/weakness
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/apple
- canonical/istyle @cosme iphone os
- version/istyle @cosme iphone os/10.1.1
- canonical/apple mobile safari
- version/apple mobile safari/10.0.1